developer/galaxy-game
1
1
Fork 0
Code Issues Pull Requests Actions Packages Releases Wiki Activity
Files
9e9977d5f126bb2dc2fd7da57d55fbc997b5105d
galaxy-game/ui/core/canon/signature_test.go
T
Ilia Denisov bde9d535dc
Tests · UI / test (pull_request) Has been cancelled
Details
Tests · Integration / integration (pull_request) Successful in 1m46s
Details
Tests · Go / test (pull_request) Successful in 2m4s
Details
Tests · Go / test (push) Successful in 2m28s
Details
Tests · UI / test (push) Successful in 3m22s
Details
chore(cleanup): purge /command residuals — fakeEngine, canon golden, openapi 
Follow-up tidy after the cross-service /command removal (#73):

- Rename the router test double dummyExecutor -> fakeEngine (and the
  newExecutor / setupRouterExecutor helpers -> newFakeEngine /
  setupRouterEngine): it implements handler.Engine now, "executor" was a
  leftover of the removed adapter. Test-only.

- Regenerate the ui/core canon signing golden onto user.games.order
  (request_user_games_command.json -> request_user_games_order.json, fresh
  canonical bytes + Ed25519 signature) and drop the last
  user.games.command references from the Go/TS tests and docs.

- Align game openapi: CommandRequest.cmd no longer carries minItems: 1. It
  is now used only by PUT /api/v1/order, which accepts an empty batch
  (clearing the player's stored order, equivalent to removing every
  command); the contract test freezes the empty-allowed shape.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 15:16:17 +02:00

146 lines
4.1 KiB
Go
Raw Blame History

package canon_test
import (
"crypto/ed25519"
"crypto/sha256"
"encoding/base64"
"testing"
"galaxy/core/canon"
"github.com/stretchr/testify/require"
)
func TestVerifyRequestSignature(t *testing.T) {
t.Parallel()
clientPrivateKey := newTestPrivateKey("primary")
clientPublicKey, _ := clientPrivateKey.Public().(ed25519.PublicKey)
otherPrivateKey := newTestPrivateKey("other")
otherPublicKey, _ := otherPrivateKey.Public().(ed25519.PublicKey)
fields := canon.RequestSigningFields{
ProtocolVersion: "v1",
DeviceSessionID: "device-session-123",
MessageType: "user.games.order",
TimestampMS: 123456789,
RequestID: "request-123",
PayloadHash: sha256Sum([]byte("payload")),
}
signature := ed25519.Sign(clientPrivateKey, canon.BuildRequestSigningInput(fields))
tests := []struct {
name string
clientPublicKey string
signature []byte
fields canon.RequestSigningFields
wantErr error
}{
{
name: "valid signature",
clientPublicKey: base64.StdEncoding.EncodeToString(clientPublicKey),
signature: signature,
fields: fields,
},
{
name: "tampered payload hash rejects signature",
clientPublicKey: base64.StdEncoding.EncodeToString(clientPublicKey),
signature: signature,
fields: func() canon.RequestSigningFields {
mutated := fields
mutated.PayloadHash = sha256Sum([]byte("other"))
return mutated
}(),
wantErr: canon.ErrInvalidRequestSignature,
},
{
name: "mismatched request id rejects signature",
clientPublicKey: base64.StdEncoding.EncodeToString(clientPublicKey),
signature: signature,
fields: func() canon.RequestSigningFields {
mutated := fields
mutated.RequestID = "request-456"
return mutated
}(),
wantErr: canon.ErrInvalidRequestSignature,
},
{
name: "mismatched timestamp rejects signature",
clientPublicKey: base64.StdEncoding.EncodeToString(clientPublicKey),
signature: signature,
fields: func() canon.RequestSigningFields {
mutated := fields
mutated.TimestampMS++
return mutated
}(),
wantErr: canon.ErrInvalidRequestSignature,
},
{
name: "wrong key rejects signature",
clientPublicKey: base64.StdEncoding.EncodeToString(otherPublicKey),
signature: signature,
fields: fields,
wantErr: canon.ErrInvalidRequestSignature,
},
{
name: "bit-flipped signature rejects",
clientPublicKey: base64.StdEncoding.EncodeToString(clientPublicKey),
signature: func() []byte {
corrupted := append([]byte(nil), signature...)
corrupted[0] ^= 0xFF
return corrupted
}(),
fields: fields,
wantErr: canon.ErrInvalidRequestSignature,
},
{
name: "invalid signature length rejects",
clientPublicKey: base64.StdEncoding.EncodeToString(clientPublicKey),
signature: signature[:len(signature)-1],
fields: fields,
wantErr: canon.ErrInvalidRequestSignature,
},
{
name: "empty signature rejects",
clientPublicKey: base64.StdEncoding.EncodeToString(clientPublicKey),
signature: nil,
fields: fields,
wantErr: canon.ErrInvalidRequestSignature,
},
{
name: "invalid base64 public key rejects",
clientPublicKey: "%%%not-base64%%%",
signature: signature,
fields: fields,
wantErr: canon.ErrInvalidClientPublicKey,
},
{
name: "invalid public key length rejects",
clientPublicKey: base64.StdEncoding.EncodeToString([]byte("short")),
signature: signature,
fields: fields,
wantErr: canon.ErrInvalidClientPublicKey,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
err := canon.VerifyRequestSignature(tt.clientPublicKey, tt.signature, tt.fields)
if tt.wantErr == nil {
require.NoError(t, err)
return
}
require.ErrorIs(t, err, tt.wantErr)
})
}
}
func newTestPrivateKey(label string) ed25519.PrivateKey {
seed := sha256.Sum256([]byte("ui-core-canon-signature-test-" + label))
return ed25519.NewKeyFromSeed(seed[:])
}
Reference in New Issue View Git Blame Copy Permalink